
Topic: Downloaded a keylogger for fun.. sometimes i think ill never learn my lesson...


BC_Programmer


SuperDave I sent you a PM with my logs.

Quote
* Copy and Paste the log in your post.
I was trying to dereference Null Pointers before it was cool.

Allan

SuperDave I sent you a PM with my logs.
Post the logs in this thread

SuperDave

Quote
Seriously man, should I really be worried? You saw how I mentioned that I got a call from someone saying that I won something that I registered to win last summer, right? They knew our address. I mean, that is just a coincidence, right?

Also taxes are being done right now, so if this person is watching us... they have seen everything. And it's basically being given to them!!

There is no reason why you cannot post the logs in your replies. There is nothing in these logs that would give a hacker anything.
I get those calls all the time. There is yet no evidence that your computer has been compromised.

I still need to see the log from SuperAntiSpyware.

Looking over your log it seems you don't have any antivirus software.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!
 
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

************************************************

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
************************************************
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.
****************************************************
I strongly recommend that you remove Ask from your computer because it:

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
***************************************************
Please read here for more information about WildTangent. Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

WildTangent Web Driver or anything related to WildTangent.
*******************************************************
P2P - I see you have P2P software installed on your machine (µTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
Windows 8 and Windows 10 dual boot with two SSD's
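
The checks SuperDave describes in the post above (is an antivirus listed, are Ask, WildTangent or P2P entries present, are older Java registrations left behind) can be reproduced over a DDS log with a short script. This is an added example, not part of the original thread or of the DDS tool; it assumes DDS lists antivirus products on `AV:` lines the way it lists Windows Defender on the `SP:` line, and the names `split_sections`, `triage` and `WATCHLIST` are illustrative.

```python
import re

# Excerpt copied from the DDS log posted in this thread, trimmed to a few lines per section.
SAMPLE_LOG = r"""
DDS (Ver_10-12-12.02) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Pseudo HJT Report ===============

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

================= FIREFOX ===================

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

==== Installed Programs ======================

µTorrent
Adobe Reader 9.4.1
Ask Toolbar
Java(TM) 6 Update 23
WildTangent Games
"""

# Section banners look like "==== Installed Programs ======================".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Java 6 registrations carry the update number in the GUID, as the DPF line
# pairing ...-0023-... with jinstall-1_6_0_23 shows.
JAVA6_RE = re.compile(r"\{CAFEEFAC-0016-0000-(\d{4})-ABCDEFFEDCBA\}", re.I)
# Products the helper in this thread asked the poster to review or remove.
WATCHLIST = ("ask toolbar", "ask.com", "askbardis", "wildtangent", "torrent")


def split_sections(text):
    """Return {section title: [non-empty lines]}; lines before the first banner go under 'header'."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Collect the items a helper would raise from a DDS log."""
    sections = split_sections(text)
    findings = {
        # Assumption: an installed antivirus would appear as an "AV:" header line.
        "antivirus_listed": any(l.startswith("AV:") for l in sections["header"]),
        "watchlist_hits": [],      # (section, line) pairs naming a watchlisted product
        "orphaned_entries": [],    # registrations with no file or no name behind them
        # Distinct Java 6 update numbers still registered anywhere in the log.
        "java6_updates": sorted({int(n) for n in JAVA6_RE.findall(text)}),
    }
    for title, lines in sections.items():
        for line in lines:
            low = line.lower()
            if any(name in low for name in WATCHLIST):
                findings["watchlist_hits"].append((title, line))
            if line.endswith("- No File") or "[<NO NAME>]" in line:
                findings["orphaned_entries"].append(line)
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Antivirus listed:", result["antivirus_listed"])
    print("Java 6 updates registered:", result["java6_updates"])
    for section, line in result["watchlist_hits"]:
        print(f"[{section}] {line}")
    for line in result["orphaned_entries"]:
        print("[orphaned]", line)
```

More than one Java 6 update number in the output means registrations from older versions are still present, which is the case the "Remove any old versions" step addresses.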

WiseFailure


    DDS (Ver_10-12-12.02) - NTFS_AMD64 
    Run by McCreary's at 15:01:33.06 on Wed 02/09/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.4094.2680 [GMT -5:00]

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Windows\system32\lxducoms.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
    C:\Windows\SysWOW64\Filter Services\Filter.exe
    C:\Windows\SysWOW64\Filter Services\fSec.exe
    C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\SysWOW64\Filter Services\fService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\McCreary's\Music\SecurityCheck.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\McCreary's\Music\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = https://online.woodforest.com/WNB/Login.aspx?ReturnUrl=%2fWNB%2fAccounts%2fActivity.aspx
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: GoodShopToolbar: {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - C:\Program Files (x86)\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
    BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: GoodSearchBar: {10834e9a-d475-4a24-ad01-f3f24f71b28e} - C:\Program Files (x86)\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\MCCREA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://access.hersheymed.net/dana-cached/sc/JuniperSetupClient.cab
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe"
    mRun-x64: [EzPrint] "C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe"
    mRun-x64: [TotalNetGuard] C:\Windows\SysWOW64\Filter Services\Filter.exe
    mRun-x64: [TotalNetGuardSec] C:\Windows\SysWOW64\Filter Services\fSec.exe

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\MCCREA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ykon5cvh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.search.selectedEngine - GoodSearch
    FF - prefs.js: browser.startup.homepage - hxxp://myafo.net
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=374563&p=
    FF - prefs.js: network.proxy.http - bastion01.afo.net
    FF - prefs.js: network.proxy.http_port - 10101
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Users\McCreary's\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\McCreary's\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);C:\Windows\System32\drivers\NEOFLTR_650_14951.SYS [2010-3-25 100400]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?]
    R2 TotalNetGuard;TotalNetGuard;C:\Windows\SysWOW64\Filter Services\fService.exe [2009-6-24 28672]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-13 135664]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-16 1255736]

    =============== Created Last 30 ================

    2011-02-08 11:51:33   7844688   ----a-w-   C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B1DED7A7-7FC5-4864-9FE4-5A9562C744ED}\mpengine.dll
    2011-02-08 11:50:55   737072   ----a-w-   C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-7\Microsoft.MediaCenter.Sports.UI.dll
    2011-02-07 03:49:17   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Malwarebytes
    2011-02-07 03:49:11   38224   ----a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-07 03:49:11   --------   d-----w-   C:\PROGRA~3\Malwarebytes
    2011-02-07 03:49:08   24152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
    2011-02-07 03:49:08   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-02-06 00:28:52   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\SUPERAntiSpyware.com
    2011-02-06 00:28:52   --------   d-----w-   C:\PROGRA~3\SUPERAntiSpyware.com
    2011-02-06 00:28:49   --------   d-----w-   C:\PROGRA~3\!SASCORE
    2011-02-06 00:28:47   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
    2011-02-05 02:38:35   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\POWKEY
    2011-02-05 02:38:35   --------   d-----w-   C:\PROGRA~3\IMEAM
    2011-02-05 02:37:59   2291200   ----a-w-   C:\Windows\System32\drivers\imon\netconfig64.dll
    2011-02-05 02:37:59   --------   d-----w-   C:\Windows\System32\drivers\imon
    2011-02-05 02:37:58   99328   ----a-w-   C:\Windows\SysWow64\drivers\imon\imonlspins64.exe
    2011-02-05 02:37:58   147456   ----a-w-   C:\Windows\SysWow64\drivers\imon\uninstall.exe
    2011-02-05 02:37:58   110592   ----a-w-   C:\Windows\SysWow64\drivers\imon\netconfig.dll
    2011-02-05 02:37:58   --------   d--h--w-   C:\Windows\SysWow64\drivers\imon
    2011-02-05 02:37:56   --------   d--h--w-   C:\PROGRA~3\IMPKL
    2011-02-03 21:41:41   --------   d-----w-   C:\Program Files (x86)\Common Files\AnswerWorks 4.0
    2011-02-03 21:41:23   69715   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
    2011-02-03 21:41:23   5632   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
    2011-02-03 21:41:23   266240   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
    2011-02-03 21:41:23   172032   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
    2011-02-03 21:41:22   733184   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
    2011-02-03 21:41:22   303236   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
    2011-02-03 21:41:22   180356   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
    2011-02-03 21:19:11   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Intuit
    2011-02-03 21:19:06   --------   d-----w-   C:\Program Files (x86)\Common Files\AnswerWorks 5.0
    2011-02-03 21:16:44   --------   d-----w-   C:\Users\MCCREA~1\AppData\Local\IsolatedStorage
    2011-02-03 21:16:43   --------   d-----w-   C:\Program Files (x86)\Common Files\Intuit
    2011-02-03 21:14:55   --------   d-----w-   C:\Program Files (x86)\TurboTax
    2011-02-03 21:14:45   --------   d-----w-   C:\PROGRA~3\Intuit
    2011-02-03 05:04:21   --------   d-----w-   C:\Program Files (x86)\Combined Community Codec Pack
    2011-02-03 04:55:19   --------   d--h--w-   C:\Windows\msdownld.tmp
    2011-02-03 04:55:16   --------   d-----w-   C:\Windows\SysWow64\directx
    2011-02-01 15:04:22   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\HdO Adventure
    2011-02-01 13:47:27   --------   d-----w-   C:\Program Files (x86)\A Girl in the City
    2011-01-31 23:23:25   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Sungift Games
    2011-01-31 23:23:25   --------   d-----w-   C:\PROGRA~3\Sungift Games
    2011-01-31 23:22:33   --------   d-----w-   C:\Program Files (x86)\WildGames
    2011-01-31 23:14:44   --------   d-----w-   C:\Program Files (x86)\WildTangent Games
    2011-01-29 16:15:37   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\SpinTop Games
    2011-01-28 15:59:14   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Sudden Games
    2011-01-27 14:05:58   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\DivoGames
    2011-01-24 02:19:13   374664   ----a-w-   C:\Windows\System32\drivers\netio.sys
    2011-01-22 03:46:29   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Sawer
    2011-01-22 03:46:22   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Sakura
    2011-01-22 03:46:11   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\PoiZone
    2011-01-20 21:21:42   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\Hardcore
    2011-01-20 21:18:20   --------   d-----w-   C:\Program Files (x86)\ASIO4ALL v2
    2011-01-20 21:06:12   225280   ----a-w-   C:\Windows\SysWow64\rewire.dll
    2011-01-20 21:06:03   1554944   ----a-w-   C:\Windows\SysWow64\vorbis.acm
    2011-01-20 21:05:52   --------   d-----w-   C:\Program Files (x86)\VstPlugins
    2011-01-20 21:05:51   --------   d-----w-   C:\Program Files (x86)\Outsim
    2011-01-20 21:04:58   --------   d-----w-   C:\Program Files (x86)\Image-Line
    2011-01-20 20:53:39   --------   d-----w-   C:\Users\MCCREA~1\AppData\Roaming\DVDVideoSoftIEHelpers
    2011-01-12 19:56:34   987136   ----a-w-   C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2011-01-12 19:56:34   720896   ----a-w-   C:\Windows\System32\odbc32.dll
    2011-01-12 19:56:34   573440   ----a-w-   C:\Windows\SysWow64\odbc32.dll
    2011-01-12 19:56:34   495616   ----a-w-   C:\Program Files\Common Files\System\ado\msadox.dll
    2011-01-12 19:56:34   466944   ----a-w-   C:\Program Files\Common Files\System\ado\msadomd.dll
    2011-01-12 19:56:34   372736   ----a-w-   C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2011-01-12 19:56:34   352256   ----a-w-   C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-12 19:56:34   258048   ----a-w-   C:\Program Files\Common Files\System\msadc\msadco.dll
    2011-01-12 19:56:34   208896   ----a-w-   C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-12 19:56:34   1425408   ----a-w-   C:\Program Files\Common Files\System\ado\msado15.dll

    ==================== Find3M  ====================

    2011-02-02 22:11:20   270720   ------w-   C:\Windows\System32\MpSigStub.exe
    2011-01-07 08:06:50   46080   ----a-w-   C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20   366080   ----a-w-   C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11   294400   ----a-w-   C:\Windows\SysWow64\atmfd.dll
    2011-01-05 06:20:30   612352   ----a-w-   C:\Windows\System32\vbscript.dll
    2011-01-05 05:37:33   428032   ----a-w-   C:\Windows\SysWow64\vbscript.dll
    2011-01-05 04:00:16   3127808   ----a-w-   C:\Windows\System32\win32k.sys
    2010-12-18 06:15:38   1197056   ----a-w-   C:\Windows\System32\wininet.dll
    2010-12-18 06:11:41   57856   ----a-w-   C:\Windows\System32\licmgr10.dll
    2010-12-18 06:11:34   714752   ----a-w-   C:\Windows\System32\kerberos.dll
    2010-12-18 05:32:22   981504   ----a-w-   C:\Windows\SysWow64\wininet.dll
    2010-12-18 05:29:40   44544   ----a-w-   C:\Windows\SysWow64\licmgr10.dll
    2010-12-18 05:29:31   541184   ----a-w-   C:\Windows\SysWow64\kerberos.dll
    2010-12-18 04:55:03   482816   ----a-w-   C:\Windows\System32\html.iec
    2010-12-18 04:20:55   386048   ----a-w-   C:\Windows\SysWow64\html.iec
    2010-12-18 04:13:40   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
    2010-12-18 03:47:59   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
    2010-11-29 22:38:30   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38:30   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
    2010-11-12 23:53:06   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll

    ============= FINISH: 15:01:58.41 ===============


    second log



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/9/2010 5:08:14 PM
    System Uptime: 2/9/2011 2:35:29 PM (1 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. |  | EP45-UD3P
    Processor: Intel(R) Core(TM)2 Quad CPU    Q9400  @ 2.66GHz | Socket 775 | 1973/333mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 699 GiB total, 539.904 GiB free.
    D: is CDROM ()
    I: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: Unknown Device
    Device ID: USB\VID_0000&PID_0000\5&428A151&0&3
    Manufacturer: (Standard USB Host Controller)
    Name: Unknown Device
    PNP Device ID: USB\VID_0000&PID_0000\5&428A151&0&3
    Service:

    ==== System Restore Points ===================

    RP179: 2/3/2011 12:01:40 AM - Installed DirectX
    RP180: 2/3/2011 11:06:25 AM - Windows Update
    RP181: 2/3/2011 4:16:45 PM - Installed TurboTax 2009 wrapper
    RP182: 2/3/2011 4:17:07 PM - Installed TurboTax 2009 WinPerReleaseEngine
    RP183: 2/3/2011 4:17:54 PM - Installed TurboTax 2009 WinPerFedFormset
    RP184: 2/3/2011 4:18:24 PM - Installed TurboTax 2009 WinPerTaxSupport
    RP185: 2/3/2011 4:18:45 PM - Installed iSEEK AnswerWorks English Runtime
    RP186: 2/3/2011 4:36:45 PM - Installed TurboTax 2009 wpaiper
    RP187: 2/3/2011 4:40:38 PM - Installed TurboTax Premier 2007
    RP188: 2/3/2011 4:41:25 PM - Installed AnswerWorks 4.0 Runtime - English
    RP189: 2/3/2011 4:52:07 PM - Installed TurboTax 2008 wrapper
    RP190: 2/3/2011 4:52:18 PM - Installed TurboTax 2008 WinPerReleaseEngine
    RP191: 2/3/2011 4:53:03 PM - Installed TurboTax 2008 WinPerFedFormset
    RP192: 2/3/2011 4:53:29 PM - Installed TurboTax 2008 WinPerTaxSupport
    RP193: 2/3/2011 4:53:53 PM - Installed TurboTax 2008 WinPerProgramHelp
    RP194: 2/3/2011 4:54:15 PM - Installed TurboTax 2008 WinPerUserEducation
    RP195: 2/4/2011 2:36:59 PM - Windows Update
    RP196: 2/5/2011 1:22:52 AM - Windows Update
    RP197: 2/5/2011 10:54:29 AM - Windows Update
    RP198: 2/8/2011 6:51:13 AM - Windows Update
    RP199: 2/9/2011 12:30:49 PM - Windows Update
    RP200: 2/9/2011 2:33:27 PM - Installed Java(TM) 6 Update 23

    ==== Installed Programs ======================

    µTorrent
    A Girl in the City
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Amazon MP3 Downloader 1.0.10
    AnswerWorks 4.0 Runtime - English
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    Ask Toolbar
    Autumn's Treasures: The Jade Coin
    Big Fish Games: Game Manager
    BufferChm
    Byki
    Byki Standard
    Carambis Driver Updater
    Combined Community Codec Pack 2010-10-10
    Compatibility Pack for the 2007 Office system
    Copy
    Counter-Strike: Source
    Coupon Printer for Windows
    Dealio Toolbar v4.1
    Destinations
    DeviceDiscovery
    Disney-Pixar Ratatouille
    DJ_AIO_05_F4400_Software_Min
    Dream Day True Love
    Driver Detective
    Drumaxx
    F4400
    Facebook Plug-In
    FL Studio 9
    Forgotten Places - Lost Circus
    GoodSearch Toolbar
    Google Earth
    Google Update Helper
    GPBaseService2
    Hardcore
    Hidden Expedition: Amazon ™
    Holly 2: Magic Land
    HP Photo Creations
    HP Update
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    IL Download Manager
    InfraRecorder
    iSEEK AnswerWorks English Runtime
    Java Auto Updater
    Java(TM) 6 Update 23
    Juniper Networks Cache Cleaner 6.5.0
    Juniper Networks Host Checker
    Juniper Networks Secure Application Manager
    Juniper Networks Setup Client
    Killing Floor
    LeapFrog Connect
    LeapFrog Leapster2 Plugin
    Left 4 Dead
    Left 4 Dead 2
    Lexmark Printable Web
    Lost Lagoon: The Trail of Destiny
    Malwarebytes' Anti-Malware
    MarketResearch
    Mass Effect
    Microsoft Default Manager
    Microsoft Flight Simulator X Demo
    Microsoft Office Excel Viewer
    Microsoft Office Word Viewer 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Motorola Driver Installation
    Mozilla Firefox (3.6.13)
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Mystery of Shark Island
    Mystery Stories: Berlin Nights
    Mystic Gateways: The Celestial Quest
    Oblivion
    OpenOffice.org 3.1
    Oregon Trail 5
    PoiZone
    PriceGong 2.1.0
    PunkBuster Services
    QuickTime
    Sakura
    Sawer
    Scan
    Secret Mission: The Forgotten Island
    SmartWebPrinting
    SolutionCenter
    Status
    Steam
    The Clumsys
    The Polynomial
    Toolbox
    Toxic Biohazard
    Transparent Language System
    TrayApp
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wpaiper
    TurboTax 2009 wrapper
    TurboTax Premier 2007
    Unity Web Player
    Update Installer for WildTangent Games App
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
    WeatherBug
    WebReg
    WildTangent Games
    WildTangent Games App

    ==== Event Viewer Messages From Past Week ========

    2/9/2011 12:17:57 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
    2/9/2011 1:48:21 PM, Error: Service Control Manager [7034]  - The Application Updater service terminated unexpectedly.  It has done this 1 time(s).
    2/4/2011 7:25:51 AM, Error: Microsoft Antimalware [3002]  -
    2/2/2011 1:55:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.97.875.0).

    ==== End Of File ===========================


    WiseFailure

      Topic Starter


      Beginner

      • Experience: Beginner
      • OS: Unknown
      Before I left, I was going to post my log from my first spyware scan.

      Here it is

      (the K drive is not hooked up right now.)

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 02/05/2011 at 10:42 PM

      Application Version : 4.48.1000

      Core Rules Database Version : 6348
      Trace Rules Database Version: 4160

      Scan type       : Complete Scan
      Total Scan Time : 03:03:47

      Memory items scanned      : 625
      Memory threats detected   : 0
      Registry items scanned    : 13438
      Registry threats detected : 0
      File items scanned        : 381800
      File threats detected     : 152

      Adware.Tracking Cookie
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary's@pointroll[4].txt
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary's@zedo[1].txt
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary's@doubleclick[2].txt
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary's@apmebf[1].txt
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary'[email protected][6].txt
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary'[email protected][2].txt
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary's@2o7[2].txt
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary's@mediaplex[2].txt
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary'[email protected][1].txt
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary's@invitemedia[2].txt
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary'[email protected][3].txt
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary'[email protected][2].txt
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary'[email protected][1].txt
         C:\Users\McCreary's\AppData\Roaming\Microsoft\Windows\Cookies\mccreary's@questionmarket[2].txt
         2mdn.net [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         allegromultimedia.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         bbca.channelfinder.net [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         cdn.eyewonder.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         cdn.insights.gravity.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         cdn2.themis-media.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         cdn4.specificclick.net [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         content.oddcast.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         convoad.technoratimedia.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         core.insightexpressai.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         files.youporn.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         ia.media-imdb.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         macromedia.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         media.alot.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         media.ign.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         media.kmov.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         media.mtvnservices.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         media.nbcwashington.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         media.nintendo.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         media.richrelevance.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         media.scanscout.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         media.vmixcore.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         media10.washingtonpost.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         mediasuite.multicastmedia.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         msnbcmedia.msn.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         msntest.serving-sys.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         multimedia.msn.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         s0.2mdn.net [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         secure-us.imrworldwide.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         serving-sys.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         static.discoverymedia.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         timesofindia.indiatimes.com [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         udn.specificclick.net [ C:\Users\McCreary's\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QMXMQCK9 ]
         cache.specificmedia.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         cdn4.specificclick.net [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         cdn5.specificclick.net [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         core.insightexpressai.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         ds.serving-sys.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         m1.2mdn.net [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         media.dreamhost.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         media.ign.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         media.komonews.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         media.kusi.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         media.mtvnservices.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         media.nbcwashington.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         media.scanscout.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         media.scrippsnewspapers.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         media.socialvibe.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         media1.break.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         media10.washingtonpost.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         msnbcmedia.msn.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         msntest.serving-sys.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         objects.tremormedia.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         oddcast.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         s0.2mdn.net [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         secure-us.imrworldwide.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         static.2mdn.net [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         udn.specificclick.net [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         www.countryinns.com [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]
         www.wvnetworkmedia.org [ C:\Windows.old\Users\UncleDavid\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\98RVCJLU ]

      Adware.MyWebSearch/FunWebProducts
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3CJPEG.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3DTACTL.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HISTSW.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HTMLMU.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HTTPCT.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3POPSWT.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3PSSAVR.SCR
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3REPROX.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3RESTUB.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3SCHMON.EXE
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3SCRCTR.DLL
         C:\WINDOWS.OLD\WINDOWS\SYSWOW64\F3PSSAVR.SCR
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3CJPEG.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3DTACTL.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HISTSW.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HTMLMU.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HTTPCT.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3POPSWT.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3PSSAVR.SCR
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3REPROX.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3RESTUB.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3SCHMON.EXE
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3SCRCTR.DLL

      Adware.MyWebSearch
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HKSTUB.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3REGHK.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3AUXSTB.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3DLGHK.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3HIGHIN.EXE
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3HTML.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3IDLE.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3IMPIPE.EXE
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3MEDINT.EXE
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3MSG.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3OUTLCN.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3PLUGIN.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SKIN.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SKPLAY.EXE
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SLSRCH.EXE
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SRCHMN.EXE
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOEPLG.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOESTB.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSSRCAS.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSSVC.EXE
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\FIREFOX\NPMYWEBS.DLL
         C:\WINDOWS.OLD\USERS\UNCLEDAVID\DOWNLOADS\IWONSETUP2.3.50.62.SA.HP.ZLFOX000.EXE
         K:\DOWNLOADS\IWONSETUP2.3.50.62.SA.HP.ZLFOX000.EXE
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3HKSTUB.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\F3REGHK.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3AUXSTB.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3DLGHK.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3HIGHIN.EXE
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3HTML.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3IDLE.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3IMPIPE.EXE
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3MEDINT.EXE
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3MSG.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3OUTLCN.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3PLUGIN.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SKIN.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SKPLAY.EXE
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SLSRCH.EXE
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\M3SRCHMN.EXE
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOEPLG.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOESTB.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSSRCAS.DLL
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSSVC.EXE
         K:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\FIREFOX\NPMYWEBS.DLL

      Trojan.Vundo-Variant/F
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\STEAM\STEAMAPPS\DIAMONDWRAITH\COUNTER-STRIKE SOURCE\BIN\PARSIFAL.DLL
         C:\WINDOWS.OLD\PROGRAM FILES (X86)\STEAM\STEAMAPPS\DIAMONDWRAITH\COUNTER-STRIKE SOURCE\BIN\VAUDIO_MILES.DLL

      Adware.CouponBar
         C:\WINDOWS.OLD\USERS\UNCLEDAVID\APPDATA\LOCAL\TEMP\CPNPRT2.CID

      Adware.Gamevance
         C:\WINDOWS.OLD\USERS\UNCLEDAVID\DOWNLOADS\SETUPGAMEVANCE(2).EXE
         C:\WINDOWS.OLD\USERS\UNCLEDAVID\DOWNLOADS\SETUPGAMEVANCE.EXE
         K:\DOWNLOADS\SETUPGAMEVANCE.EXE
         K:\DOWNLOADS\SETUPGAMEVANCE(2).EXE


      Phone issue is resolved.
      The problem with the cellphones is a regional "glitch". It's occurring in many states, and affecting many people. Thank god for that. lol

      « Last Edit: February 09, 2011, 03:23:02 PM by WiseFailure »

      SuperDave

      Did you do the other things I asked you to do in my reply; like installing an AV program?
      Windows 8 and Windows 10 dual boot with two SSD's

      WiseFailure

        Quote
        Did you do the other things I asked you to do in my reply; like installing an AV program?

        Isn't superantivirus an anti virus program? If so, I've got that. I also use Windows Defender. I've updated my Java and Adobe. I've disabled and deleted various things as you said I should.

        Did you see anything in my spyware logs? What do I do now?

        BC_Programmer


        Quote
        Isn't superantivirus an anti virus program?
        SuperAntiSpyware is not an Anti-Virus program. It's an Anti-spyware program.

        WiseFailure

          Downloaded AVG.

          WiseFailure

            I received a call from some SNG research corp today. Apparently it was a "random" phone number generator. I'm really getting scared out of my mind that my family's personal information has been compromised! At what point should I rationally put all my personal information on alert? Is that necessary at this point? It's not the first time I've gotten calls for surveys, but this particular call, along with the last call about winning something... I really don't know what to think.

            Anyway, what now?

            Is it possible that there is a virus or something of the sort "running in the background" that can't be detected? That's all for now.
            « Last Edit: February 10, 2011, 07:13:32 PM by WiseFailure »

            WiseFailure

              This is my HijackThis log. When I started the scan it said this: "For some reason your system denied write access to your host files. If any hijack domains are in this file Hijack may not be able to fix it."


              Logfile of Trend Micro HijackThis v2.0.4
              Scan saved at 10:28:30 PM, on 2/10/2011
              Platform: Windows 7  (WinNT 6.00.3504)
              MSIE: Internet Explorer v8.00 (8.00.7600.16722)
              Boot mode: Normal

              Running processes:
              C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
              C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
              C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
              C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
              C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
              C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
              C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
              C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
              C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
              C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
              C:\Program Files (x86)\iTunes\iTunesHelper.exe
              C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
              C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
              C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
              C:\Program Files (x86)\TrendMicro\Trend Micro\HiJackThis\sniper.exe.exe
              C:\Program Files (x86)\TrendMicro\Trend Micro\HiJackThis\HiJackThis.exe

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.woodforest.com/WNB/Login.aspx?ReturnUrl=%2fWNB%2fAccounts%2fActivity.aspx
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
              F2 - REG:system.ini: UserInit=userinit.exe,
              O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
              O2 - BHO: GoodShopToolbar - {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - C:\Program Files (x86)\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
              O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
              O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
              O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
              O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
              O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
              O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
              O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
              O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
              O3 - Toolbar: GoodSearchBar - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - C:\Program Files (x86)\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
              O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
              O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
              O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
              O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
              O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
              O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
              O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
              O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
              O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
              O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
              O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
              O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
              O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
              O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
              O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://access.hersheymed.net/dana-cached/sc/JuniperSetupClient.cab
              O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
              O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
              O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
              O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
              O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
              O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
              O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
              O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
              O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
              O23 - Service: lxdu_device -   - C:\Windows\system32\lxducoms.exe
              O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
              O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
              O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
              O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
              O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
              O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
              O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
              O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
              O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
              O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
              O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
              O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
              O23 - Service: TotalNetGuard - Clean WWW, Inc. - C:\Windows\SysWOW64\Filter Services\fService.exe
              O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
              O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
              O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
              O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
              O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
              O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
              O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
              O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

              --
              End of file - 10949 bytes

              Allan

              Please stop clogging this thread with unnecessary information. Just follow SuperDave's instructions to the letter.

              WiseFailure

                Topic Starter


                Beginner

                • Experience: Beginner
                • OS: Unknown
                Quote
                Please stop clogging this thread with unnecessary information. Just follow SuperDave's instructions to the letter.

                "Posting The Logs: Please give details. Just posting the logs in many instances is not enough information for us."

                I'm simply doing what the "read this before requesting help" thread says. It might seem unnecessary, but it's still information. What else am I supposed to do?



                HijackThis log again with antivirus installed.

                Logfile of Trend Micro HijackThis v2.0.4
                Scan saved at 1:21:32 PM, on 2/11/2011
                Platform: Windows 7  (WinNT 6.00.3504)
                MSIE: Internet Explorer v8.00 (8.00.7600.16722)
                Boot mode: Normal

                Running processes:
                C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
                C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
                C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
                C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
                C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
                C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
                C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
                C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
                C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
                C:\Program Files (x86)\iTunes\iTunesHelper.exe
                C:\Program Files (x86)\AVG\AVG10\avgtray.exe
                C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
                C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
                C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
                C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
                C:\Program Files (x86)\TrendMicro\Trend Micro\HiJackThis\HiJackThis.exe

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.woodforest.com/WNB/Login.aspx?ReturnUrl=%2fWNB%2fAccounts%2fActivity.aspx
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                F2 - REG:system.ini: UserInit=userinit.exe,
                O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
                O2 - BHO: GoodShopToolbar - {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - C:\Program Files (x86)\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
                O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
                O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
                O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
                O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
                O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
                O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
                O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
                O3 - Toolbar: GoodSearchBar - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - C:\Program Files (x86)\GoodSearch.com\GoodSearch Toolbar\adxloader.dll
                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
                O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
                O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
                O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
                O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
                O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
                O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
                O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
                O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
                O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
                O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
                O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://access.hersheymed.net/dana-cached/sc/JuniperSetupClient.cab
                O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
                O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
                O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
                O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
                O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
                O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
                O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
                O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
                O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
                O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
                O23 - Service: lxdu_device -   - C:\Windows\system32\lxducoms.exe
                O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
                O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
                O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
                O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
                O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
                O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
                O23 - Service: TotalNetGuard - Clean WWW, Inc. - C:\Windows\SysWOW64\Filter Services\fService.exe
                O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
                O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
                O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
                O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
                O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

                --
                End of file - 11710 bytes

                « Last Edit: February 11, 2011, 11:23:05 AM by WiseFailure »

                reddevilggg



                  Expert

                  Thanked: 69
                • Experience: Beginner
                • OS: Windows 7

                If you're here for a while you'll get used to it!  :P
                11 cheers for binary !

                SuperDave

                Quote
                Is it possible that there is a virus or something of the sort "running in the background" that can't be detected?
                Anything is possible. Here are some things you can do to protect yourself. These are just suggestions.

                If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

                How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
                ****************************************************
                Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                Link # 1
                Link # 2
                If you are using Firefox, make sure that your download settings are as follows:

                * Tools->Options->Main tab
                * Set to "Always ask me where to Save the files".

                Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                Right-click combofix.exe and select Run as Administrator and follow the prompts.
                When finished, ComboFix will produce a log for you.
                Post the ComboFix log and a new HijackThis log in your next reply.

                NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
                Windows 8 and Windows 10 dual boot with two SSD's